

<?php
//Name: Admin.php
//Purpose: This script is for administrators to view all users 
//CreateDate: 10/01/12
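// Admin gate: only sessions flagged as admin may go any further.
// empty() treats a missing 'isAdmin' key the same as a false one without
// raising an undefined-index warning; a warning printed here would be
// output sent before header(), which stops the redirect header from being sent.
session_name('login');
session_start();
if(empty($_SESSION['isAdmin']))
{
	header("location: /home.php");
	// Stop here so none of the edit logic below runs for non-admins.
	exit;
}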

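// util.php supplies getMySqlConnection(). require_once halts the request if
// the file cannot be loaded, instead of carrying on with a warning.
require_once 'util.php';

// Id of the logged-in administrator, as stored in the session.
$userId = $_SESSION['userId'];

// Database handle shared by the save and load steps below.
$dbConnection = getMySqlConnection();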

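// Handle the "Save" submission from the edit form: write the posted profile
// fields to the matching person row, then return to the admin page.
if(isset($_POST['save']))
{
	// NOTE(review): this state-changing POST is accepted without an anti-CSRF
	// token. A per-session token emitted by the form and checked here would
	// close that gap; it needs a matching change in the form markup.

	// Both values are bound as integers, so anything that is not an integer
	// is rejected up front (filter_var returns false).
	// Assumes admin_ind is an integer column - confirm against the schema.
	$pId = filter_var(isset($_POST['userId']) ? $_POST['userId'] : null, FILTER_VALIDATE_INT);
	$admin = filter_var(isset($_POST['admin']) ? $_POST['admin'] : null, FILTER_VALIDATE_INT);

	// Collect the text fields; a missing or non-string value becomes ''.
	$text = array();
	foreach (array('firstName', 'lastName', 'username', 'password', 'dob', 'gender',
		'email', 'address', 'city', 'state', 'zip') as $field)
	{
		$text[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
	}

	// NOTE(review): the password is written exactly as submitted. The edit
	// form in this script pre-fills that field with sha1() of the stored
	// value, so saving without retyping replaces the stored password with
	// that digest. Hashing with password_hash() and updating the column only
	// when a new password is entered would fix this, but it must change
	// together with the login check, which is not part of this file.

	if ($pId !== false && $admin !== false)
	{
		// Placeholders keep every posted value out of the SQL text, so no
		// field can alter the statement.
		$statement = $dbConnection->prepare(
			"UPDATE person
				SET
				first_name = ?,
				last_name = ?,
				username = ?,
				password = ?,
				dob = ?,
				gender = ?,
				email = ?,
				admin_ind = ?,
				street_address = ?,
				city = ?,
				state = ?,
				zip = ?
				WHERE person_id = ?"
		);

		if ($statement !== false)
		{
			// Type string: seven strings, admin_ind as int, four strings,
			// person_id as int - in the same order as the placeholders.
			$statement->bind_param(
				'sssssssissssi',
				$text['firstName'],
				$text['lastName'],
				$text['username'],
				$text['password'],
				$text['dob'],
				$text['gender'],
				$text['email'],
				$admin,
				$text['address'],
				$text['city'],
				$text['state'],
				$text['zip'],
				$pId
			);
			$updateResult = $statement->execute();
			$statement->close();
		}
	}

	// Redirect whether or not the update ran, so a reload cannot re-post the form.
	header("location: /admin.php");
	exit;
}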

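// Load the record of the user chosen for editing so the form below can be
// pre-filled. The id arrives in the POST body and is validated as an integer
// before it is used; filter_var returns false for anything else.
$userToEditId = filter_var(isset($_POST['userToEditId']) ? $_POST['userToEditId'] : null, FILTER_VALIDATE_INT);

// Stays null unless a matching row is read.
$personId = null;

if ($userToEditId !== false)
{
	// The id is bound as a parameter rather than concatenated into the SQL.
	$lookup = $dbConnection->prepare("SELECT * FROM person WHERE person_id = ?");
	if ($lookup !== false)
	{
		$lookup->bind_param('i', $userToEditId);
		$lookup->execute();

		// get_result() needs the mysqlnd driver.
		$result = $lookup->get_result();

		while($result && ($userResult = $result->fetch_assoc()))
		{
			$personId = $userResult['person_id'];
			$username = $userResult['username'];
			$password = $userResult['password'];
			$firstName = $userResult['first_name'];
			$lastName = $userResult['last_name'];
			$dob = $userResult['dob'];
			$gender = $userResult['gender'];
			$email = $userResult['email'];
			$admin = $userResult['admin_ind'];
			$address = $userResult['street_address'];
			$city = $userResult['city'];
			$state = $userResult['state'];
			$zip = $userResult['zip'];
		}
		$lookup->close();
	}
}

// With no valid id or no matching row there is nothing to edit, so go back
// to the admin page instead of rendering a form with undefined values.
if ($personId === null)
{
	header("location: /admin.php");
	exit;
}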
//display all users' info

//display total users

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
	<head>
		<script src="javascript/tcaparrel.js" type="text/javascript"></script>
		<link rel="StyleSheet" href="css/tcaparrel.css" type="text/css">
		<link rel="StyleSheet" href="css/header.css" type="text/css">
	</head>

	<body class="productPage">
	<div class="contentWrapper">
		<div class="header">
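		<?php 
		// The session is already open: session_name()/session_start() run at
		// the top of this script. Calling them again here only raises
		// "session already active" diagnostics in the middle of the page
		// markup, so the session is simply read.
		if(isset($_SESSION['username']))
		{
			include('loggedInUserHeader.php');
		}
		else
		{
			include ('loginformheader.php');
		}
		?>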
		</div>
		
		<div class="menubarContentWrapper">
			<div class="menubar">
				<div class="menuItem" onclick="sweatshirts_click()"><label style="cursor: inherit">SweatShirts</label></div>
				<div class="menuItem" onclick="hats_click()"><label style="cursor: inherit">Hats</label></div>
				<div class="menuItem" onclick="tshirts_click()"><label style="cursor: inherit">T-Shirts</label></div>
				<div class="menuItem" onclick="pants_click()"><label style="cursor: inherit">Pants</label></div>
			</div>
		</div>
		
		<div class="adminContainer">
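	<form name="editUserForm" action="editUser.php" method="post">
		<?php
		// Edit form for one user. Every value below comes from the person
		// table, which holds user-supplied data, so each one is passed through
		// htmlspecialchars() with ENT_QUOTES before it is placed inside a
		// double-quoted attribute. Without that, a stored value containing a
		// quote or a tag would be interpreted as markup in the administrator's
		// browser.
		// NOTE(review): the form carries no anti-CSRF token; adding one needs
		// a matching check in the save handler.
		?>
		<table>
			<tr>
				<td>
					<label>
						First Name: 
					</label>
				</td>
				<td>
					<input type="text" name="firstName" maxlength="20" value="<?php echo htmlspecialchars((string) $firstName, ENT_QUOTES, 'UTF-8');?>" />
				</td>
			</tr>
			<tr>
				<td>
					<label>
						Last Name:
					</label>
				</td>
				<td>
					<input type="text" name="lastName" maxlength="30" value="<?php echo htmlspecialchars((string) $lastName, ENT_QUOTES, 'UTF-8');?>"  />
				</td>
			</tr>
				
			<tr id="dobTableRow">
				<td>
					<label>
						Date of Birth*:
					</label>
				</td>
				<td>
					<input id="dob" type="text" name="dob" value="<?php echo htmlspecialchars((string) $dob, ENT_QUOTES, 'UTF-8');?>" />
				</td>
			</tr>
			<tr id="genderTableRow">
				<td>
					<label>Gender*:</label>
				</td>
				<td>
					<input type="text" name="gender" value="<?php echo htmlspecialchars((string) $gender, ENT_QUOTES, 'UTF-8');?>" />
				</td>
			</tr>
			<tr id="emailTableRow">
				<td>
					<label>
						Email*: 
					</label><br/>
					<label>example@email.com</label>
				</td>
				<td>
					<input type="text" name="email" value="<?php echo htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8');?>"  />
				</td>
			</tr >
			<tr id="usernameTableRow" >
				<td>
					<label>
						Username*:
					</label>
				</td>
				<td>
					<input type="text" name="username" maxlength="15" value="<?php echo htmlspecialchars((string) $username, ENT_QUOTES, 'UTF-8');?>"  />
				</td>
				<?php
				// $usernameExists is not assigned anywhere in this script;
				// presumably an included file sets it - verify. empty() keeps
				// an unset flag from printing a warning into the page.
				if(!empty($usernameExists))
				{
					echo '<td class="validate">Username already Exists!</td>';
				}
				
				?>			
			</tr>
			<tr id="passwordTableRow">
				<td>
					<label>
						Password*:
					</label>
				</td>
				<td>
					<?php
					// NOTE(review): this sends sha1() of the stored password
					// value to the browser in a plain text field, and the save
					// handler writes back whatever is submitted, so an unedited
					// save replaces the stored value with this digest. Leaving
					// the field empty and updating the column only when a new
					// password is typed would avoid both; that requires a
					// coordinated change in the save handler.
					?>
					<input type="text" name="password" value="<?php echo sha1((string) $password);?>"  />
				</td>
			</tr>
			<tr id="addressTableRow">
				<td>
					<label>Address:</label>
				</td>
				<td>
					<input type="text" name="address" value="<?php echo htmlspecialchars((string) $address, ENT_QUOTES, 'UTF-8');?>"  />
				</td>
			</tr>
			<tr id="cityTableRow">
				<td>
					<label>City:</label>
				</td>
				<td>
					<input type="text" name="city" value="<?php echo htmlspecialchars((string) $city, ENT_QUOTES, 'UTF-8');?>"  />
				</td>
			</tr>
			<tr id="stateTableRow">
				<td>
					<label>State:</label>
				</td>
				<td>
					<input type="text" name="state" value="<?php echo htmlspecialchars((string) $state, ENT_QUOTES, 'UTF-8');?>"  />
				</td>
			</tr>
			<tr id="zipTableRow">
				<td>
					<label>Zip:</label>
				</td>
				<td>
					<input type="text" name="zip" value="<?php echo htmlspecialchars((string) $zip, ENT_QUOTES, 'UTF-8');?>"  />
				</td>
			</tr>
			<tr>
				<td>
					<label>Admin</label>
				</td>
				<td>
					<input type="text" name="admin" value="<?php echo htmlspecialchars((string) $admin, ENT_QUOTES, 'UTF-8');?>" />
				</td>
			</tr>
			<tr>
				<td colspan="2" align="right">
					<input type="hidden" name="userId" value="<?php echo htmlspecialchars((string) $personId, ENT_QUOTES, 'UTF-8');?>" />
					<input type="submit" name="save"  value="Save" />
				</td>
			</tr>
		</table>
	</form>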
		</div>
		
		<div class="footer"></div>
		</div>
	</body>

</html>